SharePoint Online (Okta SSO) [Claims] Source Quick Setup
-
Validate that your environment meets the requirements:
-
OR
(For Microsoft OneDrive for Business) CES 7.0.8047+ (December 2015)
Note: You can check your CES version from the Administration Tool. [more]
-
Your Coveo license includes the Microsoft SharePoint or Microsoft OneDrive for Business connector. [more]
-
CES 7.0.8047+ (December 2015) DNS records for Office 365 at your DNS hosting provider
-
-
Create a user identity.
Key parameter Value Name You must name your user identity. User An Okta SSO recognized account in the username@mydomain.com form that can see all the content that you want to index. Password The corresponding password. -
Ensure that the account of your user identity has the appropriate permissions:
-
For content and permission indexing, incremental refresh, and site collection discovery, the account must have Administrator permission for all SharePoint Online site collections to index, but also the root site collection. [more]
-
For personal site, user profile, and social tags indexing, the account must be owner of all personal sites collections [more].
-
-
Create a Claims for SharePoint Online security provider. [more]
Key parameter Value Name You must name your security provider (ex.: Claims SharePoint Online Okta). Security Provider Type Claims for SharePoint Online User Identity The user identity you created in step 2. SharePoint Web Application Url In the form https://mydomain.sharepoint.com Office 365 Native Users Domain(s) In the form mydomain.onmicrosoft.com[more] Single Sign-On (AD FS) is enabled Selected Url of the SharePoint AD FS Server The full path to your SharePoint Online ActiveClientSignInUrl that should be in the form:
https://mydomain.okta.com/app/office365/[GUID]/sso/wsfed/active
You can find your SharePoint Online ActiveClientSignInUrl in Okta, in the sign on instructions of the Microsoft Office 365 application:
-
With an administrator account, log in into Okta.
-
In the top menu, click Admin.
-
In the administration panel, select Applications > Applications.
-
In the Applications page, click Microsoft Office 365.
-
In the Microsoft Office 365 page, select the Sign On tab.
-
In the Sign On tab, under Sign On Methods section, click View Setup Instructions.
-
The ActiveClientSignInUrl is the value next to ActiveLogOnUri.
Trust Identifier for SharePoint urn:federation:MicrosoftOnline -
-
Install the Windows Azure AD module on the Coveo Master server needed by the Office 365 security provider [more].
-
Create an Office 365 security provider. [more]
Key parameter Value Name You must name your security provider (ex.: Office 365 SharePoint Online Okta). Security Provider Type Office 365 User Identity The user identity you created in step 2. Users Security Provider The Claims for SharePoint Online security provider you just created. Windows Azure Active Directory Module for Windows PowerShell The installation path of the Microsoft Online Services Module for Windows PowerShell.[more] -
Create a SharePoint security provider. [more]
Key parameter Value Name You must name your security provider (ex.: SharePoint Online Okta). Security Provider Type SharePoint User Identity The user identity you created in step 2. Active Directory Security Provider Active Directory to resolve AD users.
(none) to only recognize Okta SSO users.
Security Provider for SharePoint Users The Claims for SharePoint Online security provider you created in step 4. Security Provider for Domain Groups The Office 365 security provider you just created in step 6. SharePoint Server Url URL of the SharePoint Online site in the form https://mydomain.sharepoint.com/[path], where [path] is needed only when you want index a specific site collection, list, etc. AuthenticationType SpOnlineFederated AdfsServerUrl The same path you entered when configuring the Claims for SharePoint Online security provider (see AdfsServerUrl).
SharePointTrustIdentifier The Relying Party Trust identifier for the SharePoint web application, such as urn:federation:MicrosoftOnline. [more] Notes: You can configure the security provider to operate when multiple ADFS servers are used to authenticate users in SharePoint. [more]
-
Create a SharePoint or OneDrive for Business source.
Key parameter SharePoint OneDrive for Business Name You must name your source (ex.: Claims SharePoint Online Okta or Claims OneDrive for Business Okta). Source Type SharePoint (x64) OneDrive for Business Addresses The SharePoint Online server URL in the form https://mydomain.SharePoint.com. [more] The URL of the SharePoint Online site collection regrouping all the personal sites (in which are located the OneDrives for Business) that you want to index in the form https://domain-my.sharepoint.com. [more]
Crawling Scope WebApplication N/A Authentication Type SpOnlineFederated AdfsServerUrl
(Hidden parameter)The same path you entered when configuring the Claims for SharePoint Online security provider (see AdfsServerUrl).
SharePointTrustIdentifier
(Hidden parameter)The Relying Party Trust identifier for the SharePoint web application, such as urn:federation:MicrosoftOnline. [more] Authentication The user identity you created in step 2. Security Provider The SharePoint security provider you created in step 7. Notes: You can configure the source to operate when multiple ADFS servers are used to authenticate users in SharePoint.
-
Rebuild the source and validate that documents are indexed.
-
(Not for OneDrive for Business sources) When a claims-aware Coveo Search is used, you can test the searchability of the source [more]
-
Add the Claims for SharePoint security provider that you created in step 4 to the Coveo .NET Front-End search interface
-
Log in to the search interface with an Okta SSO recognized user, and then verify that you can see search results from the source you created in step 8, but only documents to which this user has access in SharePoint Online.
-